Financial fraud can happen to any business, at any time. Scott Regan, Chief Operating Officer at RenewalMD, knows this only too well.
The Georgia-based cosmetic surgery practice faced a serious case of financial fraud when someone began using their routing number and account number to write fraudulent checks. Their bank would not help them recover the money, and all they could do was close the checking account.
Scott’s team fell victim to this scam because they were using an outdated accounts payable process. Like so many businesses, their finance team had been writing and sending checks manually. Scott’s team has now upgraded all their processes using financial automation software, so they can make digital payments quickly, easily and – most importantly – securely. But their story is a cautionary tale for any business.
In 2023, the Association for Financial Professionals reported that 65% of organizations experienced payment fraud attempts or attacks in 2022. The five most common attacks are phishing scams, invoice fraud, payroll fraud, asset misappropriation and internal fraud. Not only that, but fraud strategies are also becoming more sophisticated.
To protect your business, here are four steps finance teams can take.
1. Educate your team
Today, risks and threats can come from multiple channels, including email, social media or text. Scams are also always evolving, so it’s important to keep your team up to speed on common fraud tactics and the best way to avoid them.
For example, businesses can fall victim to “CEO fraud”. This is not, as its name might suggest, a case of an executive commiting fraud – it actually refers to the practice of someone pretending to be a senior executive. This can happen to any business or person, at any level. It’s even happened to me – at a prior role, I got an urgent text seemingly from my CEO asking me to wire funds that I almost fell for. This experience taught me a lesson that no matter how prepared you are, there are thousands of different tricks scammers use to access a company’s financial information. You can’t educate your team on every single possible threat, but you can develop a framework to help your employees protect the business.
A security training framework could include the following:
- A clear explanation of online security procedures, and how to manage different types of requests
- A list of signs that may indicate fraudulent communication, such as the use of unencrypted websites or slightly misspelled domain names
- A plan to reduce human error when handling sensitive information that outlines which type of requests should be verified with a team member, and how to verify that request
2. Build secure walls around your digital fortress
The average small business uses 172 apps to keep its organization running. If the security on even one is lacking, it can pave the way for fraud. To prevent this, you can consider some basic protocols for maximum security.
- Invest in information security. You can still have strong security without an in-house security team. Specialized companies or consultants can help you secure your IT and data.
- Encourage your team to use passphrases. Instead of using different passwords for each software solution, stack a chain of words that are easy for the employee to remember, but harder for a scammer to guess. From there, mix up the capitalization and use of symbols. An example of this could be $tr@wberryL3mon8de.
- Keep software up to date. This helps reduce the threat of viruses and allows you to access more advanced security features that alert you of potential threats.
- Use Multi-Factor Authentication (MFA). This is when a system requires two or more credentials before access is granted, both something you know (like a password) and something you have, like a phone that can receive a text message or an MFA authentication app. MFA provides an extra layer of security by ensuring more proof than just a login to process a payment.
3. Automate your finances
One of the best things you can do to avoid falling victim to financial fraud is to decrease your reliance on paper checks and manual processes, and automate your finances.
A growing form of check fraud is called “check washing.” This is when a scammer uses a special solvent to remove the existing ink from the check indicating recipient and dollar amount, while keeping bank info like routing numbers and account ownership from the original bank-printed check. Because mailed checks are often handled by several different people, they’re especially prone to tampering and loss – and outside of a forged signature, these checks look completely legitimate to a bank.
Financial automation software is the best way to protect your business. The best software providers invest in state-of-the-art fraud detection tools to ensure the safety and security of their customers. These automated tools software help identify irregularities in payment data and alert you of threats that could indicate fraud. By using a secure electronic payments system instead of relying on paper checks, you can also easily, quickly and safely make ACH payments, international payments and virtual card payments.
The great thing about integrated financial software is that it can also help automate accounts receivable, manage corporate spend and expenses, control budgets, and manage cash flow. The benefits of this can flow through to your business, as keeping on top of the company’s finances can also help to protect your reputation and maintain customer trust.
4. Fortify your internal controls
It’s important to strengthen your company’s internal controls to help keep sensitive financial data safe, both from external and internal threats. Last year, around 22% of small businesses experienced employee theft, with financial statement theft being the most common employee fraud tactic. To mitigate this, best practice internal controls can include:
- Using software to manage your corporate spend and expenses
- Setting aside time to regularly review financial reports and accounting records
- Limiting access to financial information
- Ensuring employees are empowered to surface concerns and potential risks from fraud
One of the most effective tools to ensure internal control over your finances is by using software to manage your corporate spend and expense. Spend and expense software gives you complete control over allocating budgets, monitoring and reconciling spend, and customizing controls on who can spend.
With greater control and visibility over internal spend and expenses, you’re able to more effectively and efficiently identify when something isn’t right. After all, these internal control systems offer important checks and balances against human error. Everyone makes mistakes from time to time, but the best businesses I’ve been part of take smart external and internal precautions to reduce risks from both deliberate and accidental fraud.
Winning the war against fraud
The RenewalMD story is a great one because it shows that every business or finance team – no matter how big or small – can effectively fight fraud. Can technology guarantee to protect you against all fraud attacks? Absolutely not. But my experience shows that the right software, working alongside strong external and internal controls, can give you the tools, insights and control you need to protect your business from the unexpected and unwanted.
Sofya Pogreb is the Chief Operating Officer at BILL.
Financial fraud stock image by Vitalii Vodolazskyi/Shutterstock